Composable Security ⛓️‍💥

878 posts

Composable Security ⛓️‍💥 banner
Composable Security ⛓️‍💥

Composable Security ⛓️‍💥

@Composable_Sec

Smart Contracts, Off-chain Components and AI Integrations Security Reviews Worked with: @LidoFinance @UniswapFND @redstone_defi @YieldNestFi @0xOthentic

Let us help 🔎🐛 Katılım Ekim 2022
93 Takip Edilen928 Takipçiler
Sabitlenmiş Tweet
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
We are proud to announce the release of the updated 𝗦𝗺𝗮𝗿𝘁 𝗖𝗼𝗻𝘁𝗿𝗮𝗰𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗩𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 (𝗦𝗖𝗦𝗩𝗦)! ✅ The best and most comprehensive checklist available for Solidity based smart contract projects.
Composable Security ⛓️‍💥 tweet media
English
5
43
117
32.6K
Composable Security ⛓️‍💥
A note from our founder on how we have been building the firm this year. The part that matters for our clients: - the more of the operational work our agents handle, the more of our expert reviewers' time goes where it cannot be automated, reading what actually ships before it does. That is the whole reason we drew the line where we did.
Paul Kuryłowicz@wh01s7

At the start of 2026 we added more new team members to @Composable_Sec than in every prior year of the company combined. Not one of them is a person. They are AI agents. A CEO, a COO, a CMO, a CSO, a CFO, a CTO. Each one owns a lane. They read the same knowledge base, hand work to each other, argue about priorities, and escalate to me when they hit the edge of what they are allowed to decide. Now, if you have followed me for a while, you know how this sounds. I am the person who keeps saying that a $200 a month AI subscription does not give your protocol the same security as an experienced reviewer going through what actually ships. I still mean it. So why did I just build a company staffed by AI agents? Because I know exactly where the line is. The agents run the firm. They keep the knowledge base clean, draft the content, research accounts, track the pipeline, watch the numbers. That is real work, it is repeatable, and it compounds when you give it a memory and a process. An agent that never forgets a source and never skips a step is genuinely good at that. The agents do not do the security review. That is the line, and it does not move. When the work touches a client's security, a human owns it start to finish. Not because the tools are useless, they are not, but because "confidently almost right" is the most expensive failure mode there is, and telling the two real findings from the thirty-eight noisy ones is the whole job. That judgment comes from experience, not from a subscription. So here is the part that surprises people. We run our agents the same way we tell you to run yours. In the loop. With a human accountable for the outcome. With every claim checked against something you can independently confirm, not something the model promised. The agent proposes, a person decides, and the decision is traceable back to a source. If it cannot be verified, it does not ship. We are aiming for 99% autonomy on that operational layer. Not because 99% sounds impressive, but because it forces a real question: which 1% must stay human? The answer, for us, is the 1% where the work touches your security, and the moments where a decision carries trust, reputation, or a promise to a client. That 1% is not a rounding error. It is the point. The hiring wave is real. The autonomy target is real. And so is the boundary. An AI agent can run a surprising amount of a security firm. It should not be the thing standing between an attacker and your users' funds. Knowing the difference is not a limitation on the technology. It is the whole design.

English
0
0
2
181
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
Most teams defend the wrong layer. They sanitize user input and call it done. But the malicious instruction rarely comes from a user typing something clever. It hides in a document the model reads, a tool response it trusts, a database record it pulls, or yesterday's conversation history. In April 2026, an AI agent at PocketOS deleted production databases using valid credentials, because the system trusted the model's too much instead of putting hard controls behind it. 7 mistakes we keep seeing in LLM systems:  1. Vague system prompts with no real constraints  2. Filtering only user input, ignoring indirect injection  3. Handing the model too many tools and too much access  4. Trusting input sanitization to stop natural-language attacks  5. No logging, so a breach cannot be detected or investigated  6. Treating LLM features as UI, not as security-critical systems  7. Believing one control is enough The thread that ties all 7 together: the model should never be the final security boundary. Authorization, asset movement, and destructive actions belong in backend systems and human approval, not in prompt text. Building an AI agent or adding LLM features to your product? This is worth 10 minutes before your next release. Full write-up 👇
Composable Security ⛓️‍💥 tweet media
English
1
2
1
313
Security Alliance
Security Alliance@_SEAL_Org·
It's finally happening! SEAL Certifications are now open for business. 🎉
Security Alliance tweet media
English
15
28
145
30K
Composable Security ⛓️‍💥 retweetledi
Damian Rusinek
Damian Rusinek@drdr_zz·
#ClaudeCode Security Notes #3 - when deny = ask ❗️ A deny rule like `permissions.deny: ["Edit(~/)"]` is not a hard block on editing home-directory files. Example: You want to block edits to a home-dir file "test": ~/test Claude Code attempts: Edit(~/test) When Claude Code is asked to modify this file, it can fall back to asking for approval. 👉 That means "Edit(~/)" behaves more like "ask" than a real "deny" for the context you wanted blocked. 👉 If you add full tool to the "deny" list: "Edit", it will not block the tool, but ask whether to use it. Can we really deny it❓ ➡️ Block the tool using "hooks", specifically the "PreToolUse" hook: "hooks": { "PreToolUse": [ { "matcher": "Read|Edit", "hooks":[ { "type": "command", "command": "exit 2" } ] } ] },
Damian Rusinek tweet media
English
2
1
6
938
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
3 high and critical severity findings in the last 2 months. All OFF-CHAIN. That's what we've reported to bug bounty platforms recently. All in projects that have been audited multiple times. Oracles, RPCs, validator services, custom relayers. None in the smart contracts on top. If you own an off-chain component that hasn't been reviewed in the last 12 months, this is where we'd start. Let us audit your off-chain components
Composable Security ⛓️‍💥 tweet media
English
0
2
3
263
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
Cursor's command allowlist validates the wrapper, not what runs inside it. find . -exec python3 -m http.server 8080 \; slips past approval and exposes source, .env files, and API keys. Read about GTFOBins-style IDE bypass by @drdr_zz
Composable Security ⛓️‍💥 tweet media
English
1
0
1
610
Composable Security ⛓️‍💥 retweetledi
Damian Rusinek
Damian Rusinek@drdr_zz·
#ClaudeCode Security Notes #1 Using Claude Code sandboxing? Good. Just make sure it cannot silently stop being sandboxing. Example config: { "sandbox": { "enabled": true, "failIfUnavailable": true, "autoAllowBashIfSandboxed": false } } It is easy to assume that "failIfUnavailable: true" means: “If sandboxing does not work, do not run the command.” But that is not the full story. If a command is blocked by the sandbox, Claude Code may try to rerun it outside the sandbox. The setting you probably want is: { "sandbox": { "allowUnsandboxedCommands": false } } If you do not use sandboxing — use it. If you do — make sure you did not leave Claude an escape hatch.
Damian Rusinek tweet mediaDamian Rusinek tweet media
English
0
2
5
284
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
If your only security layer is a newly added feature like Claude Sandbox, you might want to rethink your approach. @drdr_zz is working on an article that will help you do this better. Follow us so you don't miss it.
Composable Security ⛓️‍💥 tweet media
English
0
0
2
220
Composable Security ⛓️‍💥
Composable Security ⛓️‍💥@Composable_Sec·
Prompt injection stops being a chatbot inconvenience the moment an AI agent can sign a transaction, call a tool, or move funds. The model doesn't need to be "hacked" - it only needs to be misled by a document, a webpage, or a tool output it had no reason to distrust. Our latest article covers the controls that actually reduce that risk in production Link in the comment 👇
Composable Security ⛓️‍💥 tweet media
English
1
1
1
269
Composable Security ⛓️‍💥 retweetledi
Damian Rusinek
Damian Rusinek@drdr_zz·
I’ve fulfilled my responsibility as an ETHSecurity Badge holder. 💪 From a large pool of applicants, I selected projects that I believe can meaningfully improve security across the Ethereum ecosystem and deserve funding. My focus was primarily on projects I personally use or would like to use, teams backed by people I trust, contributors with a proven track record, and/or promising security initiatives that are valuable but difficult to monetize. I was also glad to see many projects going beyond source code security, with strong work in areas like opsec and education. That is a very positive signal: Ethereum security is broadening beyond contests, audits, and bug bounties alone.
English
1
2
5
358
Composable Security ⛓️‍💥 retweetledi
Damian Rusinek
Damian Rusinek@drdr_zz·
A client recently reminded us that, during an audit a while back, we flagged their LayerZero 1/1 DVN setup as unsafe and recommended adding more DVNs. That change meant they wouldn’t have been exposed to the same failure mode that later cost KelpDAO $300M. Small config choices matter 💪
English
7
2
29
3.4K